The use of a computer to communicate over a network has become mainstream over the past decade. As a result, organizations and individuals typically rely on their networks to conduct business, communicate with others, and search for and retrieve data. In addition to helping businesses and individuals communicate and conduct business over a greater distance, the increased use of networks has also put computers at a greater risk. For example, the data stored on a computer communicating over a network such as the World Wide Web is vulnerable to viruses infecting the computer and destroying its data. Consequently, network security has become an item of paramount importance to organizations and individuals alike.
When configuring a network, a network security policy is often employed to ensure that each device communicating on the network is configured with specific and accepted security standards. For example, a corporation may have a security policy that states that all computers using the corporation's network must have a functioning virus scanner. This security policy may also specify the virus scanner that each device must have, such as by specifying that each device have Norton AntiVirus (manufactured by Symantec of Cupertino, Calif.).
As the number of devices communicating on the network increases, it usually becomes more difficult to make sure that each device communicating on the network meets the required security policy. Further, a breach in the security of the network may have a crippling effect, possibly resulting in down-time, computer repairs, and large costs to fix.
Traditionally, to lessen the risk of a security breach and ensure compliance with the security policy (e.g., having a functioning virus scanner), a security administrator or auditor uses a scanning application to scan a computer. The scanning application may be installed on each device communicating on the network to examine that device locally. This local scanning, however, introduces numerous problems. First, because each device carries its own copy of the scanning application, different devices may end up running different versions of it. Moreover, the scan is ordinarily initiated on the device itself, which may require a separate initiation sequence for each device. Further, the time required to deploy the scanning application to every device on the network is often too burdensome to be practical. Thus, local scanning is often too onerous to initiate and maintain.
Rather than using agent software to scan a device locally, a scanning application may instead periodically scan the networked computers remotely to locate any devices that do not follow the security policy. There are, however, numerous drawbacks associated with this scanning technique. One drawback is that the scan may not be comprehensive: some devices may, for whatever reason, be turned off at the time of the scan and consequently are not scanned. Another shortcoming is that there may be a significant delay between the time a device attaches, or connects, to the network and the time the next scheduled scan occurs. During this lag a non-compliant device can already infect the network before it has ever been examined. Periodic scanning therefore only detects non-compliance after the fact; by its nature it does not enforce the security policy at all times.
A third weakness is that the periodic scan does not work well with computers that ordinarily connect to the network using transient means, such as with a virtual private network connection or using a wireless access point. In particular, the device may not be available at the time that the scan occurs because of the transient nature of the connection.
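The two weaknesses above (the attach-to-scan lag and transient VPN or wireless sessions that fall entirely between scans) can be made concrete with a small model. The following is an added illustration, not code from the original document: device sessions, the 4-hour scan interval and the 24-hour window are constructed sample data, and `miss_probability` assumes the device's connect time is uniformly random relative to the scan phase.

```python
"""Model the coverage gaps of periodic remote compliance scanning.

Added illustration, not code from the original document. The devices,
sessions and scan schedule are constructed sample data.
Times are minutes since the start of the observation window.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Session = Tuple[int, int]  # (connect, disconnect), half-open interval [connect, disconnect)


@dataclass
class Device:
    name: str
    sessions: List[Session]


def scan_schedule(interval: int, horizon: int) -> List[int]:
    """Scan at t = 0, interval, 2*interval, ... up to and including horizon."""
    return list(range(0, horizon + 1, interval))


def session_exposure(session: Session, scans: List[int]) -> Tuple[int, Optional[int]]:
    """Minutes the device is connected before the first scan that sees it.

    Returns (exposure_minutes, scan_time). scan_time is None when the whole
    session falls between two scans, i.e. the device is never examined and
    the entire session is exposure.
    """
    start, end = session
    hits = [t for t in scans if start <= t < end]
    if not hits:
        return end - start, None
    return hits[0] - start, hits[0]


def periodic_coverage(devices: List[Device], scans: List[int]) -> Dict[str, dict]:
    """Per device: connected-but-unscanned minutes and whether any scan saw it."""
    report = {}
    for d in devices:
        exposure = 0
        seen = False
        for s in d.sessions:
            minutes, hit = session_exposure(s, scans)
            exposure += minutes
            seen = seen or hit is not None
        report[d.name] = {"exposure_min": exposure, "ever_scanned": seen}
    return report


def miss_probability(session_len: int, interval: int) -> float:
    """Chance that a session of session_len minutes contains no scan at all,
    assuming the connect time is uniformly random relative to the scan phase.
    Sessions at least as long as the interval are always caught."""
    return max(0.0, 1.0 - session_len / interval)


# Constructed sample: a 24h window with a remote scan every 4 hours.
HORIZON = 24 * 60
SCANS = scan_schedule(240, HORIZON)
DEVICES = [
    Device("desktop", [(0, HORIZON)]),                         # always on, caught by the first scan
    Device("laptop-off-at-scans", [(250, 470), (730, 950)]),   # powered on only between scans
    Device("vpn-user", [(500, 530)]),                          # 30-minute VPN session
    Device("late-joiner", [(245, HORIZON)]),                   # attaches 5 min after a scan, stays
]

if __name__ == "__main__":
    for name, r in periodic_coverage(DEVICES, SCANS).items():
        print(f"{name:22s} exposed {r['exposure_min']:5d} min  scanned={r['ever_scanned']}")
    print("P(miss) for a 30-min VPN session with a 4h interval:", miss_probability(30, 240))
```

Running it shows the late joiner connected for 235 minutes before anything examined it, and the laptop and the VPN user were never scanned at all. Shortening the interval reduces the lag for persistent devices, but a session shorter than the interval still has a `1 - len/interval` chance of being missed entirely, which is why the text concludes that periodic scanning cannot enforce the policy at all times.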